What is claimed is: 



1 1 . A method of providing cross-domain authentication in a computing environment, 

2 comprising steps of: 

3 providing security credentials of an entity to an initial point of contact in the computing 

4 environment; 

5 passing the provided credentials from the initial point of contact to a trust proxy; 

6 authenticating the passed credentials with an authentication service in a local security 

7 domain of the trust proxy; and 

8 using the authentication performed by the local authentication service to seamlessly 

9 authenticate the entity to one or more selected remote security domains. 

1 2. The method according to Claim 1 , when the using step further comprises the steps of: 

2 consulting policy information to determine which of a plurality of remote security domains 

3 should be selected to receive information from the local authentication service; and 

4 passing the information from the local authentication service to each of the determined 

5 remote security domains. 

1 3. The method according to Claim 1, wherein the using step enables remote services in the 

2 selected remote security domains to be accessed by the entity without requiring the entity to 

3 provide its security credentials for those remote services. 



1 



4. The method according to Claim 3, wherein a credential mapping operation is performed to 
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2 map the provided security credentials to the entity's security credentials for each remote service. 

1 5. The method according to Claim 1 , wherein the entity is an end user. 

1 6. The method according to Claim 1 , wherein the initial point of contact is a portal interface. 

1 7. The method according to Claim 1 , wherein the passing step is performed by a proxy of the 

2 initial point of contact. 

1 8. The method according to Claim 7, wherein the proxy of the initial point of contact 

2 performs a protocol conversion, when passing the provided credentials, from a first protocol used 

3 in the providing step to a second protocol used by the trust proxy. 

1 9. The method according to Claim 8, wherein the first protocol is Hypertext Transfer 

2 Protocol ("HTTP") or a security-enhanced version thereof. 

1 10. The method according to Claim 8, wherein the second protocol is Simple Object Access 

2 Protocol ("SOAP"). 

1 11. The method according to Claim 1 , wherein the initial point of contact provides an 

2 aggregation of a plurality of Web services. 
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1 12. The method according to Claim 1 , wherein the using step further comprises the steps of: 

2 forwarding a security token from the local authentication service to a remote trust proxy 

3 in each of the selected remote security domains; and 

4 using the forwarded security token, at each of the remote trust proxies, to authenticate the 

5 entity with an authentication service in the remote security domain. 

1 13. The method according to Claim 1 2, wherein results of the authentication by the 

2 authentication service in the local security domain and results of each authentication by the 

3 authentication services in each selected remote security domain are returned to the initial point of 

4 contact. 

1 14. The method according to Claim 1 3 , further comprising the step of deterniining, by the 

2 initial point of contact, which services and/or views thereof can be provided to the entity based on 

3 the returned results. 

1 15. The method according to Claim 1 , wherein the entity has security credentials, in at least 

2 one of the selected remote security domains, that differ from the provided security credentials, 

3 and wherein the using step transparently maps the provided security credentials to the different 

4 security credentials. 

1 1 6. A system for enabling an entity to have seamless access to a plurality of aggregated 

2 services which have different identity requirements, comprising: 
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3 means for initially authenticating the entity, by a first authentication component, using an 

4 identity provided by the entity; 

5 means for mapping the provided identification to the differing identity requirements of at 

6 least one service to be aggregated, thereby establishing mapped identity requirements for each of 

7 the at least one services; 

8 means for subsequently authenticating the entity, by an authentication component 

9 associated with each of the at least one services, using the mapped identity requirements; and 

10 means for aggregating each of the at least one services and a service associated with the 

1 1 initial authentication component, if the authentications thereof are successful, into an aggregated 

12 result. 

1 1 7. The system according to Claim 1 6, wherein the aggregated result is an aggregated view. 

1 18. The system according to Claim 1 6, wherein the entity is a programmatic entity. 

1 19. A computer program product for providing federated identity management within a 

2 distributed content aggregation framework, the computer program product embodied on one or 

3 more computer-readable media and comprising: 

4 computer-readable program code means for providing, to the content aggregation 

5 framework by a using entity, initial identity information; 

6 computer-readable program code means for authenticating the initial identity information 

7 by a first authentication service in a first security domain; 
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8 computer-readable program code means for conveying results of the authentication by the 

9 first authentication service to one or more selected other authentication services associated with 

10 one or more other security domains; and 

1 1 computer-readable program code means for using the conveyed results to authenticate the 

12 using entity to each of the selected other authentication services, without requiring the using 

1 3 entity to provide additional identity information. 

1 20. The computer program product according to Claim 1 9, wherein the initial identity 

2 information is a name and password associated with the using entity. 
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